“When both Google and Microsoft are recommending the same thing, it’s probably a good time to start following their advice.” – ZDNet
With the “big 3” in agreement, it’s time to listen. Apple no longer makes it optional. Microsoft says it stops 99.9% of hack attempts and requires it for any Microsoft Partner with access to customer data. Google is also recommending MFA.
There is a lot of information on the internet about which MFA (or 2FA) tool is best. It’s pretty clear that most solutions recommend using an app and not a text code. Text codes are not transferred securely and therefor can be intercepted giving you less security. Bottom line, if you are not using an MFA authenticator app, you are less secure. Every company or organization needs to have MFA protecting their email system, customer information and financial data. Passwords alone just don’t provide a reasonable level of protection.
But is MFA enough?
MFA is a great start but it’s still can be defeated by social engineering (tricking a person to do what they normally would not) attacks. If you are in a business with security and reporting requirements (Legal, Banking, Health Care, etc.), it is not. You need to have “more layers in your tin foil hat” – Matt Soseman, Microsoft.
Google and Microsoft both have security platforms that greatly enhance security. As I have certifications in Microsoft’s Enterprise Mobility and Security (EMS) platform, I’ll use that as an example. EMS is an Office 365 add on that can protect not only Microsoft Platforms, where it clearly out shines all other products, but also 3rd party apps. It’s not simple to configure initially because there are so many amazing features. But the many services bundled can protect everything in your environment. And save a good deal of money compared to cobbling together multiple products.
EMS is a Azure based cloud product. No servers are required for most environments. EMS can protect your PCs, Mobile iOS and Andriod Devices (cooperate supplied or BYOD), Macs, and servers. It can also protect almost any cloud service (Office 365, G Suite, Facebook, DropBox, etc.). EMS incorporates many tools including MFA, Mobile Management, Antivirus, and Single Sign on. There are many other tools in the base product (EMS E3, free to non-Profits under 50 users) that I won’t go into. EMS starts at a very reasonable monthly charge of $8.80 per user for commercial accounts.
Once a basic level of security is achieved with EMS E3, organizations, can add more and more “tin foil” layers of security while making access to secure systems easier. For example, see my earlier article about getting rid of passwords on this blog.
The highest end version of Microsoft’s security suite (Microsoft 365 E5) can even monitor your Firewall logs for security threats and take automatic action to block compromised systems and accounts from your data.
At General Networks we strongly recommend EMS and Microsoft 365 as complete security services.